cloudflare / terraform-provider-cloudflare

Cloudflare Terraform Provider
https://registry.terraform.io/providers/cloudflare/cloudflare
Mozilla Public License 2.0

cloudflare_zone_settings_override zone_id recreates resource #501

Closed Evesy closed 5 years ago

Evesy commented 5 years ago

Terraform Version

Terraform: 0.12.7 CF Provider: 2.0.0

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

resource "cloudflare_zone_settings_override" "zone_override_settings" {
  zone_id = cloudflare_zone.default.id

  dynamic "settings" {
    for_each = var.zone_settings
    content {
      always_online         = lookup(settings.value, "always_online", "on")
      always_use_https      = lookup(settings.value, "always_use_https", "on")
      cname_flattening      = lookup(settings.value, "cname_flattening", "flatten_at_root")
      hotlink_protection    = lookup(settings.value, "hotlink_protection", "off")
      http2                 = lookup(settings.value, "http2", "on")
      security_level        = lookup(settings.value, "security_level", "high")
      ssl                   = lookup(settings.value, "ssl", "strict")
      true_client_ip_header = lookup(settings.value, "true_client_ip_header", "on")
      waf                   = lookup(settings.value, "waf", "on")
    }
  }
}

(name has been swapped out for zone_id in this plan)

Expected Behavior

Zone overrides should be a noop

Actual Behavior

Resource wants to be recreated:

  # module.simulate.cloudflare_zone_settings_override.zone_override_settings must be replaced
-/+ resource "cloudflare_zone_settings_override" "zone_override_settings" {
      ~ id                       = "bff...e68" -> (known after apply)
      ~ initial_settings         = [
          - {
              - always_online               = "off"
              - always_use_https            = "off"
              - automatic_https_rewrites    = "off"
              - brotli                      = "off"
              - browser_cache_ttl           = 14400
              - browser_check               = "on"
              - cache_level                 = "aggressive"
              - challenge_ttl               = 1800
              - cname_flattening            = "flatten_at_root"
              - development_mode            = "off"
              - edge_cache_ttl              = 7200
              - email_obfuscation           = "on"
              - h2_prioritization           = ""
              - hotlink_protection          = "off"
              - http2                       = "on"
              - image_resizing              = ""
              - ip_geolocation              = "on"
              - ipv6                        = "on"
              - max_upload                  = 100
              - min_tls_version             = "1.0"
              - minify                      = [
                  - {
                      - css  = "off"
                      - html = "off"
                      - js   = "off"
                    },
                ]
              - mirage                      = "off"
              - mobile_redirect             = [
                  - {
                      - mobile_subdomain = ""
                      - status           = "off"
                      - strip_uri        = false
                    },
                ]
              - opportunistic_encryption    = "off"
              - opportunistic_onion         = "on"
              - origin_error_page_pass_thru = "off"
              - polish                      = "off"
              - prefetch_preload            = "off"
              - privacy_pass                = "on"
              - pseudo_ipv4                 = "off"
              - response_buffering          = "off"
              - rocket_loader               = "off"
              - security_header             = [
                  - {
                      - enabled            = false
                      - include_subdomains = false
                      - max_age            = 0
                      - nosniff            = false
                      - preload            = false
                    },
                ]
              - security_level              = "medium"
              - server_side_exclude         = "on"
              - sort_query_string_for_cache = "off"
              - ssl                         = "flexible"
              - tls_1_2_only                = "off"
              - tls_1_3                     = "on"
              - tls_client_auth             = "off"
              - true_client_ip_header       = "off"
              - waf                         = "off"
              - webp                        = "off"
              - websockets                  = "on"
            },
        ] -> (known after apply)
      ~ initial_settings_read_at = "2019-05-03T10:11:18.910203172Z" -> (known after apply)
      ~ readonly_settings        = [
          - "advanced_ddos",
        ] -> (known after apply)
      + zone_id                  = "bff...e68" # forces replacement
      + zone_status              = (known after apply)
      + zone_type                = (known after apply)

      ~ settings {
            always_online               = "on"
            always_use_https            = "on"
          ~ automatic_https_rewrites    = "off" -> (known after apply)
          ~ brotli                      = "off" -> (known after apply)
          ~ browser_cache_ttl           = 14400 -> (known after apply)
          ~ browser_check               = "off" -> (known after apply)
          ~ cache_level                 = "aggressive" -> (known after apply)
          ~ challenge_ttl               = 1800 -> (known after apply)
            cname_flattening            = "flatten_at_root"
          ~ development_mode            = "off" -> (known after apply)
          ~ edge_cache_ttl              = 7200 -> (known after apply)
          ~ email_obfuscation           = "on" -> (known after apply)
          + h2_prioritization           = (known after apply)
            hotlink_protection          = "off"
            http2                       = "on"
          + image_resizing              = (known after apply)
          ~ ip_geolocation              = "on" -> (known after apply)
          ~ ipv6                        = "on" -> (known after apply)
          ~ max_upload                  = 100 -> (known after apply)
          ~ min_tls_version             = "1.0" -> (known after apply)
          ~ mirage                      = "off" -> (known after apply)
          ~ opportunistic_encryption    = "off" -> (known after apply)
          ~ opportunistic_onion         = "on" -> (known after apply)
          ~ origin_error_page_pass_thru = "off" -> (known after apply)
          ~ polish                      = "off" -> (known after apply)
          ~ prefetch_preload            = "off" -> (known after apply)
          ~ privacy_pass                = "on" -> (known after apply)
          ~ pseudo_ipv4                 = "off" -> (known after apply)
          ~ response_buffering          = "off" -> (known after apply)
          ~ rocket_loader               = "off" -> (known after apply)
            security_level              = "high"
          ~ server_side_exclude         = "on" -> (known after apply)
          ~ sort_query_string_for_cache = "off" -> (known after apply)
            ssl                         = "strict"
          ~ tls_1_2_only                = "off" -> (known after apply)
          ~ tls_1_3                     = "on" -> (known after apply)
          ~ tls_client_auth             = "off" -> (known after apply)
            true_client_ip_header       = "on"
            waf                         = "on"
          ~ webp                        = "off" -> (known after apply)
          ~ websockets                  = "on" -> (known after apply)

          ~ minify {
              ~ css  = "off" -> (known after apply)
              ~ html = "off" -> (known after apply)
              ~ js   = "off" -> (known after apply)
            }

          ~ mobile_redirect {
              + mobile_subdomain = (known after apply)
              ~ status           = "off" -> (known after apply)
              ~ strip_uri        = false -> (known after apply)
            }

          ~ security_header {
              ~ enabled            = false -> (known after apply)
              ~ include_subdomains = false -> (known after apply)
              ~ max_age            = 0 -> (known after apply)
              ~ nosniff            = false -> (known after apply)
              ~ preload            = false -> (known after apply)
            }
        }
    }

Perhaps it's safe to recreate this resource but I'm not sure if settings will be wiped to defaults before being reapplied (potentially causing disruption)

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Zone settings override on version <2.0.0 of provider specifying name.
  2. Remove name and use zone_id instead, run a plan on version 2.0.0 of provider.

SteveGoldthorpe-Work commented 5 years ago

Just hit exactly the same issue. The ForceNew property of zone_id causes the problem as we don't have zone_id set with resources originally created with the 1.x provider (they used the name parameter). This is preventing adoption of the 2.x tree.

patryk commented 5 years ago

Hey, please check out if #502 fixes your issue. It will set zone_id on Read, which happens before apply.

SteveGoldthorpe-Work commented 5 years ago

Just built branch from #502 (issue_501) and it seems to do the right things:

LGTM, although @jacobbednarz is probably right about a regression test.
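
A plan gate for the situation reported in this issue, as an added example that is not part of the thread or the provider's code: it reads the JSON form of a plan (`terraform show -json`) and fails when a `cloudflare_zone_settings_override` would be destroyed and recreated, listing the managed security settings that differ from `initial_settings`. The sample plan is constructed from values in the issue, and treating those differing settings as the ones at risk is an assumption.

```python
import json
import sys

# Settings from the issue's plan whose reset would weaken the zone.
SECURITY_KEYS = ("ssl", "waf", "security_level", "always_use_https", "min_tls_version")

def forced_replacements(plan, resource_type="cloudflare_zone_settings_override"):
    """List resources of resource_type that the plan destroys and recreates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # A replace is reported as ["delete", "create"] or ["create", "delete"].
        if rc.get("type") != resource_type or not {"delete", "create"} <= set(change.get("actions", [])):
            continue
        before = change.get("before") or {}
        managed = (before.get("settings") or [{}])[0]
        snapshot = (before.get("initial_settings") or [{}])[0]
        # Assumption: values that differ from the pre-Terraform snapshot are the
        # ones exposed if a replace does not carry the managed values straight over.
        at_risk = {k: {"managed": managed[k], "initial": snapshot.get(k)}
                   for k in SECURITY_KEYS if k in managed and managed[k] != snapshot.get(k)}
        findings.append({"address": rc["address"], "at_risk": at_risk})
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>`, using values from the issue.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.simulate.cloudflare_zone_settings_override.zone_override_settings",
     "type": "cloudflare_zone_settings_override",
     "change": {"actions": ["delete", "create"], "before": {
         "settings": [{"ssl": "strict", "waf": "on", "security_level": "high",
                       "always_use_https": "on", "min_tls_version": "1.0"}],
         "initial_settings": [{"ssl": "flexible", "waf": "off", "security_level": "medium",
                               "always_use_https": "off", "min_tls_version": "1.0"}]}}},
    {"address": "cloudflare_zone.default", "type": "cloudflare_zone",
     "change": {"actions": ["no-op"], "before": {}}},
]}

if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run with no argument for the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = forced_replacements(plan)
    for f in found:
        print(f"REPLACE {f['address']}: {f['at_risk']}")
    sys.exit(1 if found else 0)
```

Run it in CI against the plan produced during a provider upgrade; a non-zero exit means the plan needs review before apply.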